DEV Community

loading...

Discussion on: So you think you're just gonna `npm install`? Think again

Collapse
saurabhdaware profile image
Saurabh Daware 🌻

Hi, great article! I have a question:
So I've seen dependabot updating package-lock file in its commits, so how does it work? Does changing the integrity hash in package-lock.json change things ?

Collapse
lirantal profile image
Liran Tal Author

if you run an npm install with npm ci then npm will only consult the lockfile, and so changing the lockfile directly will work.